aboutsummaryrefslogtreecommitdiff
path: root/engine
diff options
context:
space:
mode:
authorben <ben@36083f99-b078-4883-b0ff-0f9b5a30f544>2009-02-04 12:50:49 +0000
committerben <ben@36083f99-b078-4883-b0ff-0f9b5a30f544>2009-02-04 12:50:49 +0000
commitf5a5a7b37580e6c5fc34d9b4c5729eeb18e5e7db (patch)
tree469698eb679b05dd502567cffeebd11b360af1ee /engine
parent4f121eefd2c13defbc7b29077cdb9a6dace7c5bb (diff)
downloadelgg-f5a5a7b37580e6c5fc34d9b4c5729eeb18e5e7db.tar.gz
elgg-f5a5a7b37580e6c5fc34d9b4c5729eeb18e5e7db.tar.bz2
When a new password is generated, the salt is now regenerated first. Fixes #726.
git-svn-id: https://code.elgg.org/elgg/trunk@2637 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'engine')
-rw-r--r--engine/lib/users.php4
1 files changed, 2 insertions, 2 deletions
diff --git a/engine/lib/users.php b/engine/lib/users.php
index 6dabbc9d2..baf3b5950 100644
--- a/engine/lib/users.php
+++ b/engine/lib/users.php
@@ -964,8 +964,8 @@
if ($user)
{
- $hash = generate_user_password($user, $password);
- $salt = generate_random_cleartext_password(); // Reset the salt
+ $salt = generate_random_cleartext_password(); // Reset the salt
+ $hash = generate_user_password($user, $password);
return update_data("UPDATE {$CONFIG->dbprefix}users_entity set password='$hash', salt='$salt' where guid=$user_guid");
}